Commit Graph

25 Commits

Author SHA1 Message Date
bf5b066a8d fix: evaluate wolfSSL_pending() under cs_hSocket in the recv-drain loop
The bulk-streaming recv-drain loop called wolfSSL_pending(pnode->ssl) after
releasing cs_hSocket, racing with SocketSendData (wolfSSL_write) and
CloseSocketDisconnect (wolfSSL_free) on the same TLS session -- a data race and
potential use-after-free on any TLS peer. Capture the pending-byte count inside
the cs_hSocket-locked block and use the captured value for the drain decision.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-08 05:48:39 +02:00
1673cfb6dc IBD/sync speedups: parallel RandomX pre-verify, adaptive dbcache, P2P download fixes
- Parallel RandomX PoW pre-verification pool (CCheckQueue) run ahead of the serial
  connect; consensus-neutral (inline CheckRandomXSolution fallback still verifies
  anything not pre-verified). New -randomxverifythreads (default = -par).
- Adaptive dbcache: default sizes the UTXO/coins cache to most of RAM and shrinks
  under memory pressure, always leaving a reserve free; -dbcache pins a fixed value.
- P2P block download: bounded socket recv-drain loop (tlsmanager); frontier-block
  reassignment to break head-of-line stalls (-blockreassigntimeout); ProcessGetData
  serves a bounded batch of blocks per pass instead of one (fixes the serve-side
  one-block-per-tick throttle that caps download network-wide).
- assumeutxo: dumptxoutset RPC + LoadSnapshot machinery + AssumeutxoData chainparams.
- Signed bootstrap verification (util/bootstrap-dragonx.sh, util/sign-bootstrap.md).
- gtest: RandomX pre-verify consensus-equivalence test + UTXO-snapshot round-trip;
  revived the gtest harness (Makefile.am include fix, Makefile.gtest.include).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 12:30:10 -05:00
Duke
8dc516e82f Use -std=gnu17 to compile wolfssl and use all cores to compile 2025-12-29 22:35:22 -05:00
Duke
bd967b7ac6 Exit out of TLSManager::waitFor() loop if shutdown requested 2024-09-17 11:30:01 -04:00
onryo
58b65f9670 Update copyrights 2024-02-27 23:59:59 +01:00
Duke
809c0a4b38 Update to wolfssl 4.8.0 and do not verify cert 2024-02-12 12:52:01 -05:00
Duke
e033a2e6eb Update copyrights to 2023 2023-02-09 18:06:03 -05:00
Jonathan "Duke" Leto
5d2307a709 Update copyrights to 2022 2022-09-19 15:45:30 -07:00
jahway603
ccfd17b3b2 minor change 2022-03-27 00:40:46 -04:00
Duke Leto
4a536d62dc Update copyrights 2021-04-17 13:03:22 -04:00
Duke Leto
fe0d371165 Improve TLS error reporting 2021-03-29 09:57:03 -04:00
Duke Leto
ca4fb7b9a0 TLS tweaking and freaking 2021-01-24 19:30:54 -05:00
Duke Leto
415636af68 Improve TLS p2p error-handling and reduce logspam 2021-01-24 15:57:21 -05:00
Duke Leto
1488a03f1c Improved TLS error handling and teach getpeerinfo about cipher of each connection 2021-01-24 15:06:34 -05:00
Duke Leto
c9b4dfa9c7 Force WolfSSL side-channel resistance
There seems to be some build-bug in WolfSSL, such that even though
--enable-harden (HARDEN) is default, it's not set correctly in options.h .

So we define it correctly just after parsing all other config options
BUT BEFORE we load the rest of WolfSSL headers.

These will be defined no matter what options are given to wolfssl ./configure:

ECC_TIMING_RESISTANT
TFM_TIMING_RESISTANT
2021-01-24 13:09:25 -05:00
Duke Leto
b58c15b9fb update copyrights 2020-12-10 07:45:36 -05:00
miodragpop
3ae6205a9b tls shape-up 2020-11-03 16:09:20 +01:00
miodragpop
9ff7565901 OpenSSL replaced by WolfSSL 2020-10-28 22:13:52 +01:00
miodragpop
eaed7355c6 tls rework 2020-10-23 21:17:20 +02:00
Duke Leto
be16f80abc Hush Full Node is now GPLv3
Any projects which want to use Hush code from now on will need to be licensed as
GPLv3 or we will send the lawyers: https://www.softwarefreedom.org/

Notably, Komodo (KMD) is licensed as GPLv2 and is no longer compatible to receive
code changes, without causing legal issues. MIT projects, such as Zcash, also cannot pull
in changes from the Hush Full Node without permission from The Hush Developers,
which may in some circumstances grant an MIT license on a case-by-case basis.
2020-10-21 07:28:10 -04:00
Duke Leto
155c310be0 Make nodes randomly prefer one ciphersuite or another upon startup 2020-10-03 12:59:22 -04:00
Duke Leto
9bae61c894 Merge pull request #146 from miodragpop/hush3-tls
Patch: openssl config to build support for TLS_CHACHA20_POLY1305_SHA256 cipher
2020-10-03 06:29:26 -07:00
miodragpop
de8a436f3b limiting available ciphers to a few strongest 2020-10-03 13:54:44 +02:00
Duke Leto
46177addbe Update copyrights 2020-10-03 07:20:17 -04:00
miodragpop
62f67821ec tls implemented 2020-09-29 13:08:45 +02:00